Bug 192636 - CVE-2006-1858 SCTP chunk length overflow
CVE-2006-1858 SCTP chunk length overflow
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Red Hat Kernel Manager
Red Hat Kernel QE team
: Security
Depends On:
Blocks: 176344
  Show dependency treegraph
Reported: 2006-05-22 06:09 EDT by Marcel Holtmann
Modified: 2009-03-09 07:46 EDT (History)
4 users (show)

See Also:
Fixed In Version: RHSA-2006-0617
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-22 14:48:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
backport of the referenced patch (1.32 KB, patch)
2006-05-30 15:44 EDT, Neil Horman
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0617 normal SHIPPED_LIVE Important: kernel security update 2006-08-22 00:00:00 EDT

  None (edit)
Description Marcel Holtmann 2006-05-22 06:09:06 EDT
When performing bound checks during the parameter processing, we want to use the
real chunk and paramter lengths for bounds instead of the rounded ones. This
prevents us from potentially walking of the end if the chunk length was

The upstream fix can be found here:

Comment 1 Neil Horman 2006-05-26 16:29:30 EDT
verifying the backport now
Comment 2 Neil Horman 2006-05-30 15:44:41 EDT
Created attachment 130246 [details]
backport of the referenced patch

Backport of the referenced patch.  I'll post as soon as the U5 tree opens up.
Comment 3 Jason Baron 2006-08-07 14:42:56 EDT
committed in stream E5 build 42.0.1. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/
Comment 6 Red Hat Bugzilla 2006-08-22 14:48:50 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Comment 7 Jason Baron 2006-08-30 13:46:33 EDT
committed in stream U5 build 42.4. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/

Note You need to log in before you can comment on or make changes to this bug.